Facebook, the Control Revolution, and the Failure of Applied Modern Cryptography

In the late 1990s and early 2000s, it was widely assumed by most tech writers and thinkers, myself included, that the Internet was a “Control Revolution” (to use the words of Andrew Shapiro, author of a book with that very title in 1999). The Internet was going to put people in control, to enable buyers to work directly with sellers, to cut out the middle man. Why? Because the Internet makes communication and commerce vastly more efficient, obviating the need for a middle man to connect us. Fast forward to 2011, and the world is vastly more centralized than it …

Crisis in the Java Community… could they have used a secret-ballot election?

There is a bit of a crisis in the Java community: the Apache Foundation just resigned its seat on the Java Executive Committee, as did two individual members, Doug Lea and Tim Peierls. From what I understand, the central issue appears to be that Oracle, the new Java “owner” since they acquired Sun Microsystems, is paying lip service to the Java Community while taking the language and, more importantly, its licensing, in the direction they prefer, which doesn’t appear to be very open-source friendly. That said, I’m not a Java Community expert, so I won’t comment much more on this …

keep your hands off my session cookies

For years, security folks — myself included — have warned about the risk of personalized web sites such as Google, Facebook, Twitter, etc. being served over plain HTTP, as opposed to the more secure HTTPS, especially given the proliferation of open wifi networks. But warnings from security freaks rarely get people’s attention. A demonstration is worth a lot more, and that’s exactly what Eric Butler did with FireSheep, a Firefox plugin that lets you instantly see who on your local network is surfing well-known sites, grab their unencrypted cookie, and “become” them on the given site. Nice work Eric! (I …

Facebook can and should do more to proactively protect users

A few days ago, the Wall Street Journal revealed that Facebook apps were leaking user information to ad networks. Today, Facebook proposed a scheme to address this issue. This is good news, but I’m concerned that Facebook’s proposal doesn’t address the underlying issue fully. Facebook could be doing a lot more to protect its users, even without giving up on their highly-targeted advertising business model. what, exactly, is going on First, let’s spend one minute describing the problem, because the WSJ’s description was somewhat inaccurate. Harlan Yu at Freedom To Tinker does a good job describing the situation: Facebook loads …

For deniability, faking data even the owner can’t prove is fake

I was speaking with a colleague yesterday about Loopt, the location-based social network, the rise of location-based services and the incredible privacy challenges they present. I heard the Loopt folks give a talk a few months ago, and I was generally impressed with the measures they’re taking to protect their users’ data. I particularly enjoyed the problem Loopt faced with respect to abusive spouses: if your spouse is spying on you, it’s not enough to turn off your location services, because then your abusive spouse will know that you’re hiding something. You have to actually be able to lie about …

Sometimes it’s not counter-intuitive

Bruce Schneier writes that it’s reasonable for unmanned drones to broadcast unencrypted video streams, because the video stream is not that useful to enemies, and given that many people need access to the video feed, the key distribution problem would be very difficult to manage, and some allies could be severely handicapped if they happened not to have the key. So, Bruce is typically fantastic at finding those interesting areas of security where the answer is counter-intuitive. But huh? How can both of those points be true? If the video stream is valuable to allies, then I’m guessing it’s valuable …

Takoma Park 2009: the conclusion

Well, it’s been a few weeks of craziness at home and catching up on other work, but I’ve finally wrapped up the Takoma Park 2009 audit. The final step: letting you, dear reader, run the audit all on your own. You’ll find the complete instructions here on the auditing site. I haven’t tested this on Windows, just Mac OS X, and it should work on Linux/Unix, too. You need Python 2.5 or above, PyCrypto, git, and subversion. You need about 30 minutes of download time, and 1 hour of processing. And then you can check the results you’ve computed against …

Takoma Park: verifying the shuffle and the unopened ballots

So the votes have been cast, the uncertified tally has been released, and the confirmation codes have been published for all voters to check. Now, it’s time to make sure that the coded votes, which were shuffled via the Shuffle Tables into the decoded votes in the Results table, were indeed shuffled and decoded correctly. Having trouble remembering which table is which? Here’s a reminder: Now of course we don’t actually see these tables in cleartext, rather what we have right now is: Next, the Scantegrity team used random stock data to seed a random number generator and decide which …

Takoma Park: auditing the auditor

Rick Carback from the Scantegrity team just pointed out to me that my totals are not quite the same as theirs, and he surmises that I may have read the Instant Runoff rules incorrectly. Specifically, my code considers that ballots that skip a rank, i.e. that go directly to choice #2 and never indicate a choice #1, are “exhausted”, meaning they don’t count anymore. In fact, the rules for Takoma Park state that, in that case, the next candidate choice counts, but if two choices are skipped, then it’s exhausted. He’s absolutely right, and I’ve updated my tally code appropriately, …

Takoma Park: and those provisional ballots?

Coverage of the Takoma Park election continues, with a good article in Wired. And so does the audit! Some people who showed up on election day couldn’t be verified as registered voters. Thanks to one of the useful HAVA provisions, they got to vote provisionally, meaning their ballot was set aside in an envelope labeled with their name, and their eligibility was checked later. A number of folks did turn out to be eligible, so their ballots need to be tallied. The Scantegrity team has scanned those ballots, and has thus updated its D (shuffle) and R (results) tables which …